diff options
| author | Alejandro Zamora <azamora@machinalis.com> | 2017-06-23 12:06:08 -0300 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2017-08-12 20:14:14 -0400 |
| commit | 90d7b912b9c451dfdfb38f5f1f598af3b879257f (patch) | |
| tree | 7b326aa7e992124ab2ab5fc2dbc9cafdfa79fc90 /docs | |
| parent | b78d100fa62cd4fbbc70f2bae77c192cb36c1ccd (diff) | |
Fixed #28201 -- Added ProhibitNullCharactersValidator and used it on CharField form field.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/ref/validators.txt | 24 | ||||
| -rw-r--r-- | docs/releases/2.0.txt | 7 |
2 files changed, 30 insertions, 1 deletions
diff --git a/docs/ref/validators.txt b/docs/ref/validators.txt index 0136fb45a3..f15fcfac2f 100644 --- a/docs/ref/validators.txt +++ b/docs/ref/validators.txt @@ -304,3 +304,27 @@ to, or in lieu of custom ``field.clean()`` methods. Uses Pillow to ensure that ``value.name`` (``value`` is a :class:`~django.core.files.File`) has `a valid image extension <https://pillow.readthedocs.io/en/latest/handbook/image-file-formats.html>`_. + +``ProhibitNullCharactersValidator`` +----------------------------------- + +.. class:: ProhibitNullCharactersValidator(message=None, code=None) + + .. versionadded:: 2.0 + + Raises a :exc:`~django.core.exceptions.ValidationError` if ``str(value)`` + contains one or more nulls characters (``'\x00'``). + + :param message: If not ``None``, overrides :attr:`.message`. + :param code: If not ``None``, overrides :attr:`code`. + + .. attribute:: message + + The error message used by + :exc:`~django.core.exceptions.ValidationError` if validation fails. + Defaults to ``"Null characters are not allowed."``. + + .. attribute:: code + + The error code used by :exc:`~django.core.exceptions.ValidationError` + if validation fails. Defaults to ``"null_characters_not_allowed"``. diff --git a/docs/releases/2.0.txt b/docs/releases/2.0.txt index 36aea3aefc..0b2074ebb9 100644 --- a/docs/releases/2.0.txt +++ b/docs/releases/2.0.txt @@ -318,7 +318,12 @@ URLs Validators ~~~~~~~~~~ -* ... +* The new :class:`.ProhibitNullCharactersValidator` disallows the null + character in the input of the :class:`~django.forms.CharField` form field + and its subclasses. Null character input was observed from vulnerability + scanning tools. Most databases silently discard null characters, but + psycopg2 2.7+ raises an exception when trying to save a null character to + a char/text field with PostgreSQL. .. _backwards-incompatible-2.0: |
